BEAVERTON, Ore., Oct. 5 -- McAfee, Inc. (NYSE?), the leader in Intrusion Prevention and Risk Management solutions, today announced that McAfee(R) AVERT(TM) (Anti-virus and Vulnerability Emergency Response Team), the world-class research division of McAfee, Inc., raised the risk assessment to Medium on the recently discovered W32/Sober.r@MM!M-151, also known as Sober.r. Sober.r is a prolific worm that spreads via email, sending itself to addresses found on the victim's machine. The worm arrives as a .zip file attached to e-mail and has many of the same functionalities as its Sober predecessors. The worm was first reported to McAfee AVERT researchers this evening PST and to date McAfee AVERT has received more than 50 reports of the virus in the wild from unique senders.

Threat Overview
Sober.r is a mass mailing threat that contains its own SMTP engine to construct outgoing messages, which are written in German or English, depending of the version of Windows. It harvests addresses from local files and then uses the harvested addresses to send itself. This produces a message with a spoofed From address. The attachment comes in the form of a .zip file that contains an executable file inside, named "PW_Klass.Pic.packed-bitmap.exe". Users would need to manually extract the executable from the .zip file and manually run the attachment in order to be infected.

System Protection and Cure
More information on Sober.r and the cure for this worm can be found online at the McAfee AVERT site located at vil.nai.com/vil/content/v_136390.htm . McAfee AVERT is advising its customers to update to the 4598 DATs to stay protected from this variant of the threat.

McAfee AVERT is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in thirteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee IntruShield(R), McAfee Entercept(R) and McAfee Foundstone(R) Professional Services organizations. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.

About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, California and the global leader in Intrusion Prevention and Security Risk Management, delivers proactive and proven solutions and services that secure systems and networks around the world. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers with the ability to block attacks, prevent disruptions, and continuously track and improve their security. www.mcafee.com .

Use of this site is governed by our Terms of Use and Privacy Policy.
Copyright 1996- Ziff Davis, LLC. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission
of Ziff Davis, LLC. is prohibited.PCMag Digital GroupAdChoice